headers
Edmund J. Sutcliffe | 19 Feb 2004 21:36

[Pre]Bootstrapping or netboot installs

Hi,
   I've been using BpBatch for a while to deploy for various customers,
and more recently Rembo's Enterprise Toolkit 
	<http://www.rembo.com/products_toolkit.htm>
developed by the same team. The nice thing about this product is that it
is caches and knows how to do filestore differences to recover the
situation. You can rebuild a machine to a known state in 4 minutes.
  Another trick I've been using a lot of recently, is using RedHat's
kickstart, in the following way.
	A machine kickstarts locally, the scripts associated with this
build the machine. Then the machine is set to the client site, and the
machine DHCP's from a server on their router. This lets the machine boot
locally but get the IP configuration locally.
	As the machine startups up, it reads DNS SRV records and depending
on what these SRV records say it startup various services on
demand. In turn these DNS records, come for LDAP, and using pam controls
this also restricts what people and use as services..
	The next trick I'm working on is to get VISIO  to build the
network diagram and so populate the LDAP
	Edmund

--

-- 
========================================================================
Edmund J. Sutcliffe                     Thoughtful Solutions; Creatively 
<edmunds <at> panic.fluff.org>               Implemented and Communicated
<http://panic.fluff.org>                +44 (0) 7976 938841
Permalink | Reply | 0 comments |
headers
Pete Ehlke | 27 Feb 2004 21:59
Gravatar

Re: RE: Secure method to update firmware passwords - My Solution

On Fri Feb 27, 2004 at 09:51:55 -0800, Chris Kacoroski wrote:
>
>1. Created 2 ssh keys with null passphrases.  One allows the client to 

*wince*

Consider using keychain (http://www.gentoo.org/proj/en/keychain.xml) or
some other method to allow your keys to have a passphrase while still
permitting unattended work. Passphraseless keys are a security
nightmare.

-Pete
Permalink | Reply | 0 comments |

Gmane